How to configure and deploy Google ADMX with Workspace ONE UEM


Group Policy is one of the ways to control and restrict application behavior, and normally we configure it through Active Directory. But what if we don't have a domain and need to push an ADMX template and then a configuration? This is now possible with the CSP service, using a Workspace ONE custom configuration profile.

These are just the direct steps to configure the Google Chrome ADMX and configure policy settings using custom profile settings. If you want to read about this in more depth, my advice is to check Camila's post HERE and Grischa Ernst's HERE; I'm simply using the same procedure from these blogs, but in fewer steps and a simpler way. Let us start.

1-Download Google Chrome Templates

  • Download the Chrome policy templates, which you can get from HERE; my advice is also to use Chrome for Enterprise
  • Extract the policy templates and find “chrome.admx” under policy_templates\windows\admx
  • Open it with Notepad and remove the first line <?xml version="1.0" ?>
  • Note: we are going to create:
    • Profile 1: to push the ADMX template (every ADMX file needs a separate profile)
    • Profiles 2 and 3: to push the policy configuration; you can keep each setting in its own profile or have multiple policies in a single profile (here I'm using one profile per setting)

2-Profile 1: ADMX template profile

  • Go to the Workspace ONE UEM Console, navigate to Devices & User > Profile > Add > Windows > Desktop > Device >
  • In my example I named it Windows-custom ADMX – Chrome
  • Go to custom settings
  • In “Install settings”, we will use the template below
<Add>
	<CmdID>00e402b9-1901-4960-bc4b-c9f2ec0cd51d</CmdID>
	<Item>
		<Meta>
			<Format>chr</Format>
			<Type>text/plain</Type>
		</Meta>
		<Target>
			<LocURI>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Google/Policy/3</LocURI>
		</Target>
		<Data>
			<![CDATA[ADMX FILE DATA HERE]]>
		</Data>
	</Item>
</Add>
  • Paste it in the “Install settings” field
  • From “chrome.admx”, copy the remaining document (note that we removed the first line) and paste it in place of “ADMX FILE DATA HERE”
  • Next, in “Remove settings”, paste the below
<Delete>
    <CmdID>61AB4D-5FD0-4EF2-8F8A-012870443E88</CmdID>
    <Item>
        <Meta>
            <Format>chr</Format>
            <Type>text/plain</Type>
        </Meta>
        <Target>
            <LocURI>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Google/Policy/3</LocURI>
        </Target>
    </Item>
</Delete>
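The hand edits in steps 1 and 2 (dropping the XML declaration, pasting the ADMX into the CDATA section, pairing the Add with a Delete) can be scripted and checked for well-formedness before the text goes into the console. This is an added example, not code from the original post or from VMware; the function names and the sample ADMX string are made up for illustration.

```python
import re
import uuid
import xml.etree.ElementTree as ET

# LocURI used by Profile 1 in this post.
INSTALL_URI = "./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Google/Policy/3"

def strip_declaration(admx_text):
    """Remove a leading BOM and <?xml ...?> declaration, as step 1 does by hand."""
    return re.sub(r"^\ufeff?\s*<\?xml[^>]*\?>\s*", "", admx_text, count=1)

def build_admx_profile(admx_text, loc_uri=INSTALL_URI):
    """Return (install_xml, remove_xml) for the two custom settings fields."""
    body = strip_declaration(admx_text)
    if "]]>" in body:
        raise ValueError("ADMX contains ']]>' and would end the CDATA section early")
    ET.fromstring(body)  # the ADMX itself must be well-formed XML
    meta = "<Meta><Format>chr</Format><Type>text/plain</Type></Meta>"
    target = f"<Target><LocURI>{loc_uri}</LocURI></Target>"
    # A fresh random CmdID per command keeps each one unique.
    install = (f"<Add><CmdID>{uuid.uuid4()}</CmdID><Item>{meta}{target}"
               f"<Data><![CDATA[{body}]]></Data></Item></Add>")
    remove = (f"<Delete><CmdID>{uuid.uuid4()}</CmdID><Item>{meta}{target}"
              f"</Item></Delete>")
    for payload in (install, remove):
        ET.fromstring(payload)  # raises ParseError on a stray or unclosed tag
    return install, remove

# Constructed stand-in for chrome.admx, only to exercise the function.
SAMPLE_ADMX = ('<?xml version="1.0" ?>\n'
               '<policyDefinitions revision="1.0" schemaVersion="1.0">'
               '<policies/></policyDefinitions>')

if __name__ == "__main__":
    install_xml, remove_xml = build_admx_profile(SAMPLE_ADMX)
    print(install_xml)
    print(remove_xml)
```
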

3-Profile 2: Configure and apply an ADMX setting (block external extensions)

  • Go to the Workspace ONE UEM Console, navigate to Devices & User > Profile > Add > Windows > Desktop > Device >
  • In my example I named it Windows-ADMX-Chrome-BlockExtensions
  • Go to custom settings
  • In “Install settings”, copy and paste the below
<Replace>
	<CmdID>706041b2-7109-4fcf-9713-ff753cad2ac9c</CmdID>
	<Item>
		<Target>
			<LocURI>./Device/Vendor/MSFT/Policy/Config/Google~Policy~googlechrome~Extensions/BlockExternalExtensions</LocURI>
		</Target>
		<Data>
			<![CDATA[<enabled/>]]>
		</Data>
	</Item>
</Replace>
  • In “Remove settings”, copy and paste the below
<Delete>
	<CmdID>706041b2-7109-4fcf-9713-ff753cad2ac9c</CmdID>
	<Item>
		<Target>
		<LocURI>./Device/Vendor/MSFT/Policy/Config/Google~Policy~googlechrome~Extensions/BlockExternalExtensions</LocURI>
		</Target>
		<Data><![CDATA[<enabled/>]]></Data>
	</Item>
</Delete>

4-Profile 3: Configure and apply an ADMX setting (configure home page to vhussam.com)

  • Go to the Workspace ONE UEM Console, navigate to Devices & User > Profile > Add > Windows > Desktop > Device >
  • In my example I named it Windows-ADMX-Chrome-Homepage
  • Go to custom settings
  • In “Install settings”, copy and paste the below
<Replace>
	<CmdID>706041b2-7109-43cf-9713-ff753cad2ac9c</CmdID>
	<Item>
		<Target>
			<LocURI>./Device/Vendor/MSFT/Policy/Config/Google~Policy~googlechrome~Startup/HomepageLocation</LocURI>
		</Target>
		<Data><![CDATA[<enabled/> <data id="HomepageLocation" value="https://vhussam.com"/>]]></Data>
	</Item>
</Replace>

  • In “Remove settings”, copy and paste the below
<Delete>
	<CmdID>706041b2-7109-43cf-9713-ff753cad2ac9c</CmdID>
	<Item>
		<Target>
			<LocURI>./Device/Vendor/MSFT/Policy/Config/Google~Policy~googlechrome~Startup/HomepageLocation</LocURI>
		</Target>
		<Data></Data>
	</Item>
</Delete>
  • Assign the profile to devices and save

Notes:

  1. Opening chrome://policy in Chrome will show you the applied policies
  2. The number in CmdID is a random number; you can put any number, but it has to be unique for each setting
  3. Check the registry (HKLM\SOFTWARE\MICROSOFT\PolicyManager\AdmxInstalled) on the managed endpoint to see the installed ADMX and what other settings you can apply
  4. Refer to Camila's post HERE and Grischa Ernst's HERE; they are great posts and contain great details
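To find the LocURI for other settings without trial and error, the policy path can be derived from the ADMX file itself. The sketch below is an added example, not part of the original post. It assumes the area name follows the pattern AppName~SettingType~category path, which is the pattern both LocURIs in this post follow (Google and Policy come from the ADMXInstall URI in Profile 1). The ADMX excerpt is constructed to resemble chrome.admx and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed ADMX excerpt shaped like chrome.admx (not the real file).
SAMPLE_ADMX = """<policyDefinitions revision="1.0" schemaVersion="1.0">
  <categories>
    <category name="googlechrome"><parentCategory ref="Google:Cat_Google"/></category>
    <category name="Startup"><parentCategory ref="googlechrome"/></category>
    <category name="Extensions"><parentCategory ref="googlechrome"/></category>
  </categories>
  <policies>
    <policy name="HomepageLocation" class="Both">
      <parentCategory ref="Startup"/>
      <elements><text id="HomepageLocation" valueName="HomepageLocation"/></elements>
    </policy>
    <policy name="BlockExternalExtensions" class="Both" valueName="BlockExternalExtensions">
      <parentCategory ref="Extensions"/>
    </policy>
  </policies>
</policyDefinitions>"""

def local(tag):
    """Drop any XML namespace so the code works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def policy_uris(admx_text, app="Google", setting_type="Policy"):
    """Map policy name -> (LocURI, element ids usable in <data id=.../>)."""
    root = ET.fromstring(admx_text)
    parent, policies = {}, []
    for el in root.iter():
        kind = local(el.tag)
        if kind not in ("category", "policy"):
            continue
        ref = next((c.get("ref") for c in el if local(c.tag) == "parentCategory"), None)
        if kind == "category":
            parent[el.get("name")] = ref
        else:
            ids = [e.get("id") for e in el.iter() if e.get("id")]
            policies.append((el.get("name"), ref, ids))
    result = {}
    for name, cat, ids in policies:
        path = []
        # Walk up local categories; a "prefix:name" ref belongs to another ADMX.
        while cat in parent and cat not in path:
            path.insert(0, cat)
            cat = parent[cat]
        area = "~".join([app, setting_type] + path)
        result[name] = (f"./Device/Vendor/MSFT/Policy/Config/{area}/{name}", ids)
    return result
```

A policy with an empty id list, such as BlockExternalExtensions here, takes only `<enabled/>` as its data, while one with ids needs a `<data id="..." value="..."/>` entry per id, as in the homepage profile.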
